Module: Faye::Authentication

Defined in:

lib/faye/authentication.rb,
lib/faye/authentication/engine.rb,
lib/faye/authentication/version.rb,
lib/faye/authentication/http_client.rb,
lib/faye/authentication/client_extension.rb,
lib/faye/authentication/server_extension.rb

Defined Under Namespace

Classes: AuthError, ClientExtension, Engine, ExpiredError, HTTPClient, PayloadError, ServerExtension

Constant Summary

VERSION =

"0.4.0"

Class Method Summary

• .authentication_required?(message) ⇒ Boolean
• .decode(signature, secret) ⇒ Object

  Return signed payload or raise.

• .public_channel?(channel) ⇒ Boolean
• .sign(payload, secret, options = {}) ⇒ Object

  Return jwt signature, pass hash of payload including channel and client_id.

• .validate(signature, channel, clientId, secret) ⇒ Object

  Return true if signature is valid and correspond to channel and clientId or raise.

Class Method Details

.authentication_required?(message) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/faye/authentication.rb', line 35

def self.authentication_required?(message)
  subscription_or_channel = message['subscription'] || message['channel']
  !public_channel?(subscription_or_channel) && (message['channel'] == '/meta/subscribe' || (!(message['channel'].start_with?('/meta/'))))
end

.decode(signature, secret) ⇒ Object

Return signed payload or raise

Raises:

• (ExpiredError)

# File 'lib/faye/authentication.rb', line 21

def self.decode(signature, secret)
  payload, _ = JWT.decode(signature, secret) rescue raise(AuthError)
  raise ExpiredError if Time.at(payload['exp'].to_i) < Time.now
  payload
end

.public_channel?(channel) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/faye/authentication.rb', line 40

def self.public_channel?(channel)
  channel.start_with?('/public/') and not channel.include?('*')
end

.sign(payload, secret, options = {}) ⇒ Object

Return jwt signature, pass hash of payload including channel and client_id

# File 'lib/faye/authentication.rb', line 15

def self.sign(payload, secret, options = {})
  options = {expires_at: Time.now + 12*3600, algorithm: 'HS256'}.merge(options)
  JWT.encode(payload.merge(exp: options[:expires_at].to_i), secret, options[:algorithm])
end

.validate(signature, channel, clientId, secret) ⇒ Object

Return true if signature is valid and correspond to channel and clientId or raise

Raises:

• (PayloadError)

# File 'lib/faye/authentication.rb', line 28

def self.validate(signature, channel, clientId, secret)
  payload = self.decode(signature, secret)
  raise PayloadError if channel.to_s.empty? || clientId.to_s.empty?
  raise PayloadError unless channel == payload['channel'] && clientId == payload['clientId']
  true
end